Juho Forsén

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 11.5.0 through 11.5.1 Mattermost versions 10.11.0 through 10.11.13 **Description** An issue exists where the software fails to validate the `Host` header when constructing response URLs for custom slash commands. This allows an authenticated attacker to redirect slash command responses to a server under their control by using a spoofed `Host` header. **Recommendations** Update Mattermost versions 11.5.0 through 11.5.1 to a version later than 11.5.1. Update Mattermost versions 10.11.0 through 10.11.13 to a version later than 10.11.13.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 11.5.0 through 11.5.1 Mattermost versions 10.11.0 through 10.11.13 Mattermost versions 11.4.0 through 11.4.3 **Description** An authenticated attacker can cause server memory exhaustion and denial of service by uploading a specially crafted 7zip file containing excessive folder declarations. This occurs because the software fails to validate the 7zip archive structure before processing it. **Recommendations** Update Mattermost versions 11.5.0 through 11.5.1 to a version newer than 11.5.1. Update Mattermost versions 10.11.0 through 10.11.13 to a version newer than 10.11.13. Update Mattermost versions 11.4.0 through 11.4.3 to a version newer than 11.4.3.

**Name of the Vulnerable Software and Affected Versions** SWIG (affected versions not specified) **Description** SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 10.11.0 through 10.11.9 **Description** Mattermost versions 10.11.0 through 10.11.9 do not properly validate channel membership when retrieving data, potentially allowing a deactivated user to learn team names they should not have access to. This occurs due to a race condition in the `/common teams` API endpoint. **Recommendations** Update to a version later than 10.11.9.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 10.11.0 through 10.11.10 Mattermost versions 11.2.0 through 11.2.2 Mattermost versions 11.3.0 **Description** The software does not properly limit memory allocation when processing PSD image files. This allows an authenticated attacker to exhaust server memory and cause a denial of service by uploading a specially crafted PSD file. **Recommendations** Update Mattermost to a version beyond 10.11.10. Update Mattermost to a version beyond 11.2.2. Update Mattermost to a version beyond 11.3.0.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 10.11.0 through 10.11.10 Mattermost versions 11.2.0 through 11.2.2 Mattermost versions 11.3.0 **Description** Mattermost does not properly limit memory allocation when processing DOC files. This allows an authenticated attacker to exhaust server memory and cause a denial of service by uploading a specially crafted DOC file. **Recommendations** Update Mattermost to a version later than 10.11.10. Update Mattermost to a version later than 11.2.2. Update Mattermost to a version later than 11.3.0.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 10.11.x through 10.11.9 Mattermost versions 11.1.x through 11.1.2 Mattermost versions 11.2.x through 11.2.1 **Description** The software does not properly validate user permissions when creating Jira issues from Mattermost posts. This allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they should not have access to. The issue occurs when using the `/create-issue` API endpoint and providing the post ID of an inaccessible post. The vulnerable parameter is the `post ID`. **Recommendations** Update Mattermost to a version later than 10.11.9. Update Mattermost to a version later than 11.1.2. Update Mattermost to a version later than 11.2.1.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 10.11.x through 10.11.7 Mattermost versions 10.12.x through 10.12.3 Mattermost versions 11.0.x through 11.0.5 Mattermost versions 11.1.x through 11.1.0 **Description** The software does not properly validate user channel membership when attaching Mattermost posts as comments to Jira issues. This allows an authenticated attacker who has access to the Jira plugin to read post content and attachments from channels they are not authorized to access. **Recommendations** Update Mattermost to a version later than 10.11.7. Update Mattermost to a version later than 10.12.3. Update Mattermost to a version later than 11.0.5. Update Mattermost to a version later than 11.1.0.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 10.11.x through 10.11.7 Mattermost versions 10.12.x through 10.12.3 Mattermost versions 11.0.x through 11.0.5 Mattermost versions 11.1.x through 11.1.0 **Description** Mattermost fails to verify that post actions invoking '/share-issue-publicly' were created by the Jira plugin. This allows a malicious Mattermost user to potentially exfiltrate Jira tickets when victim users interact with affected posts. **Recommendations** Update Mattermost to a version later than 10.11.7. Update Mattermost to a version later than 10.12.3. Update Mattermost to a version later than 11.0.5. Update Mattermost to a version later than 11.1.0.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 11.1.x through 11.1.0 Mattermost versions 11.0.x through 11.0.5 Mattermost versions 10.12.x through 10.12.3 Mattermost versions 10.11.x through 10.11.7 Mattermost Jira plugin versions 4.4.0 and earlier **Description** The Mattermost Jira plugin does not properly enforce authentication and issue-key path restrictions. This allows an unauthenticated attacker, knowing a valid user ID, to send authenticated GET and POST requests to the Jira server using specially crafted plugin payloads. These payloads can spoof the user ID and inject arbitrary issue key paths. The vulnerability requires the Jira plugin to be enabled. **Recommendations** Update Mattermost to a version later than 11.1.0. Update Mattermost to a version later than 11.0.5. Update Mattermost to a version later than 10.12.3. Update Mattermost to a version later than 10.11.7. Update the Mattermost Jira plugin to a version later than 4.4.0.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 10.5.x through 10.5.11 Mattermost versions 10.11.x through 10.11.3 **Description** The Mattermost application does not properly enforce access permissions within the Agents plugin. This allows other users to determine when users have read channels by accessing channel member objects. **Recommendations** Update Mattermost to a version later than 10.5.11. Update Mattermost to a version later than 10.11.3.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 10.5.x through 10.5.11 Mattermost versions 10.11.x through 10.11.3 Mattermost versions 10.12.x through 10.12.0 **Description** The Mattermost application does not properly validate the relationship between a post being updated and the Microsoft Teams (MSTeams) plugin OAuth flow. This allows an attacker to modify any post by using a specially crafted MSTeams plugin OAuth redirect URL. The issue involves a failure to validate the connection between the post update and the OAuth process. **Recommendations** Update Mattermost to a version later than 10.5.11. Update Mattermost to a version later than 10.11.3. Update Mattermost to a version later than 10.12.0.

**Name of the Vulnerable Software and Affected Versions** rardecode versions 2.1.1 and earlier **Description** The software does not properly limit the dictionary size when processing RAR files. An attacker can exploit this by providing a specially crafted RAR file with a large dictionary size, leading to a Denial of Service due to an Out Of Memory crash. **Recommendations** Update to a version newer than 2.1.1.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 10.11.x through 10.11.6 Mattermost GitHub plugin versions through 2.4.0 **Description** The software does not properly validate the identity of plugin bots when forwarding reactions. This allows attackers to misuse the GitHub reaction feature, potentially causing users to add reactions to unintended GitHub objects through specially crafted notification posts. The issue involves reaction forwarding and a lack of proper bot identity verification. **Recommendations** Update Mattermost to a version later than 10.11.6. Update the Mattermost GitHub plugin to a version later than 2.4.0.

Name of the Vulnerable Software and Affected Versions: Mattermost Server versions 10.5.0 through 10.5.9 Description: Mattermost Server versions 10.5.x up to and including 10.5.9, when utilizing the Agents plugin, do not reject empty request bodies. This allows users to potentially trick others into clicking malicious links through post actions. Recommendations: Update Mattermost Server to a version later than 10.5.9.

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.0 through 10.5.8 Description: Mattermost versions 10.5.x through 10.5.8 do not validate access controls when accessing data, potentially allowing a user to read a thread through AI posts. Recommendations: Update to a version later than 10.5.8.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 10.5.0 through 10.5.9 **Description** Mattermost versions 10.5.x fail to properly validate redirect URLs, allowing attackers to redirect users to malicious sites via crafted OAuth login URLs. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 10.7.x through 10.7.1 Mattermost versions 10.6.x through 10.6.3 Mattermost versions 10.5.x through 10.5.4 Mattermost versions 9.11.x through 9.11.13 **Description** The issue is related to the improper validation of LDAP group ID attributes. This allows an authenticated administrator with the `PermissionSysconsoleWriteUserManagementGroups` permission to execute LDAP search filter injection via the "PUT /api/v4/ldap/groups/{remote id}/link" API endpoint when `objectGUID` is configured as the Group ID Attribute. **Recommendations** For Mattermost versions 10.7.x through 10.7.1, update to a version later than 10.7.1 to resolve the issue. For Mattermost versions 10.6.x through 10.6.3, update to a version later than 10.6.3 to resolve the issue. For Mattermost versions 10.5.x through 10.5.4, update to a version later than 10.5.4 to resolve the issue. For Mattermost versions 9.11.x through 9.11.13, update to a version later than 9.11.13 to resolve the issue. As a temporary workaround, consider restricting access to the "PUT /api/v4/ldap/groups/{remote id}/link" API endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 9.11.x through 9.11.9 Mattermost versions 10.4.x through 10.4.2 Mattermost versions 10.5.x through 10.5.0 **Description** The issue allows an authenticated user to exfiltrate data from an arbitrary server accessible to the victim via performing a prompt injection in the AI plugin's Jira tool. This is due to the failure to restrict domains that the LLM can request to contact upstream. **Recommendations** For versions 9.11.x through 9.11.9, consider disabling the AI plugin's Jira tool until a patch is available. For versions 10.4.x through 10.4.2, restrict access to the Jira tool to minimize the risk of exploitation. For versions 10.5.x through 10.5.0, avoid using the AI plugin's Jira tool until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 10.5.x through 10.5.1 Mattermost versions 10.4.x through 10.4.3 Mattermost versions 9.11.x through 9.11.9 **Description** The issue allows users without access to the AI bot to activate it by attaching the `activate ai` override property to a post via the Wrangler plugin, provided both the AI and Wrangler plugins are enabled. This occurs because Mattermost fails to prevent Wrangler posts from triggering AI responses. **Recommendations** For versions 10.5.x through 10.5.1, consider disabling the Wrangler plugin until a patch is available. For versions 10.4.x through 10.4.3, restrict access to the AI bot to minimize the risk of exploitation. For versions 9.11.x through 9.11.9, avoid using the `activate ai` override property in posts via the Wrangler plugin until the issue is resolved.